Hey there
I was looking through the code and samples and I couldn't find a solution to the following, so before I start wiring up code for the following I figured I would ask in case I missed something:
- I would like to authenticate some or all of my api controllers through an ApiKey/or/Creds that a tenant user generates. The Apikey/or/Creds would be provided in whatever header is convenient by an api client: in this case in whatever language the tenant/needs to interact with the api (curl, whatever other language).
- I also need for the tenant user to be able to set the api user credentials, so I was thinking about how to do it in both Identity server and asp.net identity.
- Currently I can get a token after I provide credentials, but I would like for a permanent api key or credentials in header that would not require the api client to provide creds before and then get a token.
It would be good for aspnetzero to come out of the box with a sample like that since most of us have to provide an externally consumable api.
Thank you!
<br>
3 Answer(s)
-
0
Hi,
- Authentication via ApiKey & ApiSecret is not supported out of the box. You can use http://docs.aspnetzero.com/documents/zero/latest/Development-Guide-Core#token-based-authentication
- Yes, you need to use Identity Server for that but AspNet Zero doesn't provide a UI for setting such API Keys as well.
- Answered in 1.
It seems like all your requests are related to authentication via ApiKey and unfortunately it is not supported out of the box.
-
0
Thank you for the answer! It would be good if that is a workflow or sample to be added.
API key & secret seems to be a more common use case for saas platforms and saas platform us what aspnetzero is good at helping with. it would be good to add to roadmap!
Cheers!
-
0
Track this feature request aspnetzero/aspnet-zero-core#1728.
Related: #5600